Pluf has discovered a vulnerability in Sun Java JDK/SDK,
which potentially can be exploited by malicious people to
compromise a user's system.

The jar tool does not check properly if the files to be
extracted have the string "../" on its names, so it's
possible for an attacker to create a malicious jar file in
order to overwrite arbitrary files within the filesystem.

Pluf has discovered a vulnerability in Sun Java JDK/SDK,
which potentially can be exploited by malicious people to
compromise a user's system.

The jar tool does not check properly if the files to be
extracted have the string "../" on its names, so it's
possible for an attacker to create a malicious jar file in
order to overwrite arbitrary files within the filesystem.

A vulnerability in the Java Runtime Environment (JRE) with applet
caching may allow an untrusted applet that is downloaded from a
malicious website to make network connections to network services
on machines other than the one that the applet was downloaded from.
This may allow network resources (such as web pages) and
vulnerabilities (that exist on these network services) which are not
otherwise normally accessible to be accessed or exploited.

A vulnerability in the Java Runtime Environment (JRE) with applet
caching may allow an untrusted applet that is downloaded from a
malicious website to make network connections to network services
on machines other than the one that the applet was downloaded from.
This may allow network resources (such as web pages) and
vulnerabilities (that exist on these network services) which are not
otherwise normally accessible to be accessed or exploited.